from the good-point dept

For years, we've pointed out that many claims of "losses due to piracy" are incredibly misleading, but there are different levels of misleading. The first is the claim that every download is a lost sale. While that was popular in the early days, most researchers (finally) avoid this sort of claim, though a few will still try to sneak it in as something along the lines of "value of pirated goods," and then the press will run with that number without making the distinction. A second order of misleading is the claim that whatever "losses" are calculated are "losses to the economy." We see this all the time, with various maximalists insisting that without stronger protections that somehow this money goes away from the economy entirely.

Matt Schruers, over at Project DisCo has a good post discussing this exact point, noting that infringement leads to a redistribution of income. We can argue over whether or not that redistribution is good or bad (or societally beneficial or not), but to claim it's an overall loss to the economy is clearly wrong. He notes how rarely this even comes up in the discussion, which is unfortunate. However, he also points us to this hilarious Adult Swim ad, that I'd not seen before, which explains how piracy feeds babies (except, of course, TV piracy):

Matt makes it clear that this is, in no way, a defense of infringement, but rather just a reality. If we're going to be talking about copyright reform, the discussion should be honest, and that means not pretending that the money just disappears from the economy entirely. Like any redistributive economic system, it creates some winners and some losers, and a thorough economic analysis would study carefully who those winners and losers are, and whether having those winners and losers matches up with what the law is supposed to do. Similarly, recognizing that there are always some losers whenever you shift around a redistributive system, it can be worthwhile to look at whether or not it's necessary to do something to help out those who end up with the short end of the stick.

Matt's article is well worth reading -- and remembering, when the next group of "studies" claims massive losses to the economy. However, I'd argue in some ways, he actually understates the nefariousness of the "economic loss" claims that are often used. That's because one of the favorite "loss" stats that maximalists like to use -- such as the annual report that IPI puts out done by Stephen Siwek -- makes use of ridiculous "ripple effect" calculations. That is, they don't just say that "movie piracy costs the economy $6 billion per year," but they then add in a multiplier effect, claiming that this is to count the "ripple effects" of the money not spent on the movie. This is simply bad economics in a variety of ways. First, it's counting the same dollar over and over again:

In IPI-land, when a movie studio makes $10 selling a DVD to a Canadian, and then gives $7 to the company that manufactured the DVD and $2 to the guy who shipped it to Canada, society has benefitted by $10+$7+$2=$19. Yet some simple math shows that this is nonsense: the studio is $1 richer, the trucker is $2, and the manufacturer is $7. Shockingly enough, that adds up to $10. What each participant cares about is his profits, not his revenues.

So not only are they recounting the same dollar over and over and over and over and over again, pretending it's new each time, they're also only counting such ripples in one direction. That is, they assume that the money saved by not purchasing the content in question doesn't go back into the economy productively elsewhere. And, like the "piracy feeds babies" joke above, at times, the "ripple effect" in the other direction can be quite beneficial for the economy. For example, say a small company uses unauthorized copies of expensive software to build an amazing tool that drives all sorts of productivity growth elsewhere. That may be wrong and illegal, but the impact on the economy can actually be quite positive.

Again, the point of all of this is not to say that infringement has no economic impact at all -- or that it's good or bad. There are a lot of different variables at play here. And that's the key point. Any serious look at the economic impact of changing the laws needs to take a look at all of that in determining the overall economic impact, and not just at the aggregate economic impact, but the economic impact throughout the chain. Unfortunately, so far, very few studies appear to go that far, and, instead present very misleading statements about the overall impact on the economy.

from the is-there-nothing-those-numbers-can't-do? dept

For many years, we've talked about just how bogus the numbers are that get thrown around for "losses" and "job losses" due to copyright infringement. And yet they keep getting repeated. Two years ago, we were particularly stunned by a report from the ITC that claimed $48 billion dollars in losses directly due to Chinese piracy. But, as we looked at the methodology, the whole thing was completely ridiculous. It was based on just asking a bunch of companies how much they thought they must have lost to Chinese infringement. Not only is that a horribly unreliable and biased way to try to determine what's actually going on, it's difficult to see how companies would even know that information in the first place.

Outside of piracy, we've also noted that the stats used to support "cybercrime" and "cybersecurity" efforts are often just as bogus. And here we have a story that brings the two subjects together.

SongLifter points us to a NY Post article about Chinese cyberhacking which builds off of the Mandiant report that got so much attention. The article is bizarre in that it claims that the US isn't fighting back against Chinese hackers and somehow that we're sitting on our hands while a great "cyberwar" is being waged against us. Apparently, the author, Ralph Peters, is wholly unaware that some of the only confirmed "attacks" via a computer system were by the US. All this "woe is us" hand-wringing is just bizarre. But then Rogers tosses out these bogus and debunked numbers as if they're proof that we must attack China online:

According to the US International Trade Commission, Chinese intellectual property theft cost the United States $48 billion in 2009, as well as taking away 2 million jobs. Since then, the amount of theft has worsened, so the total loss is likely around $300 billion. But US companies, afraid that making their losses public will shake consumer confidence, won’t go public with their outrage.

Except, there's no way those numbers are even close to accurate. Again, they're based on self-reporting, and any estimate of "value" is guaranteed to be grossly overweighted. Then, take those numbers and, for reasons that make no sense at all, you don't just "grow" the $48 billion, but expand it more than six times to claim it must be up to $300 billion by now? Really? And we're using that totally bogus and made up number as the basis of an argument for why we need to kick off a "cyberattack" on China? As if that won't escalate things even further? Incredible.

from the but-of-course... dept

While the latest attempt to pass a cybersecurity bill may be on ice for now, it'll be back... and with it there will be a lot more hyperbole about how urgent this is because of various massive "losses" already happening due to cybersecurity problems. Of course, nearly all of the numbers and claims you hear will be 100% bogus.

For years, we've highlighted stories about how the claims of "losses" from the entertainment industry due to infringement are completely fictitious. In the past, we've seen Julian Sanchez go on a hunt to find the origin of some of the numbers being thrown around, and come up with evidence that they're based on nothing. For example, claims of $200 billion in losses due to counterfeiting... came from a 1993 Forbes article that just makes that claim with no citation and no backing info. But it became gospel among those arguing there was as problem.

With Congress and the President continuing to insist that we need a cybersecurity bill, politicians have been tossing around all sorts of questionable numbers. Just a few weeks ago, we noted that General Keith Alexander, the head of the NSA, had tossed out some numbers and claimed that cybersecurity was the "greatest transfer of wealth in history." Considering that we're living through the aftermath of a financial meltdown that involved a massive transfer of wealth, I find the original claim difficult to believe. Plus, as we noted, he seemed to only cite studies from McAfee and Symantec, two companies who have a massive vested interest in keeping the cybersecurity FUD going, because it helps them sell stuff.

Thankfully, the folks over at Pro Publica decided to take a much closer look at the numbers politicians are relying on in support of the massive "harm" that is already being caused by online security issues... and discovered that the numbers are completely and totally bogus. In fact, the full story (which is fascinating) parallels (very closely) the story with "piracy" stats from the industry.

One popular number is "$1 trillion" in losses due to cybersecurity breaches. That number gets thrown around a lot by politicians (and many in the press who merely parrot such numbers unquestioningly, even as that gives those politicians more cover to claim that there's a reputable source supporting the number). Yet, the Pro Publica report highlights that, not only is this number bogus, but the (quite well respected) researchers who put together the original report for McAfee did not use that number and, more importantly, many of them spoke out publicly with surprise that McAfee put out a press release with such a number -- which they thought was questionable and not supported by their data.

In fact, there were a number of methodological problems, including that the data was based on a self-reported "average" amount of the "worth of sensitive information stored in offshore computer systems." Who knows if the respondents are being accurate, first of all, but even more to the point, the "worth" of such information is a highly subjective number. People can find something "worthwhile" without paying for it, but by focusing on the "worth," they obscure the fact that the market price may be quite different than what people think something is worth. And, what people think something is worth has zero impact on any actual losses. But, from a very small number, McAfee just sprinkled some magic pixie dust on the already questionable number, and proceeded to extrapolate, massively:

“The companies surveyed estimated they lost a combined $4.6 billion worth of intellectual property last year alone, and spent approximately $600 million repairing damage from data breaches,” the release said. “Based on these numbers, McAfee projects that companies worldwide lost more than $1 trillion last year.” The release contained a quote from McAfee’s then-president and chief executive David DeWalt, in which he repeated the $1 trillion estimate. The headline of the news release was “Businesses Lose More than $1 Trillion in Intellectual Property Due to Data Theft and Cybercrime.”

The trillion-dollar estimate was picked up by the media, including Bloomberg and CNET, which expressed no skepticism.

Now, remember, this $1 trillion number is just in the press release. It's not in the report at all. And the report's researchers were just as baffled (and even more concerned) about this:

Among [the study's researchers] was Ross Anderson, a security engineering professor at University of Cambridge, who told ProPublica that he did not know about the $1 trillion estimate before it was announced. “I would have objected at the time had I known about it,” he said. “The intellectual quality of this ($1 trillion number) is below abysmal.”

.... The company’s method did not meet the standards of the Purdue researchers whom it had engaged to analyze the survey responses and help write the report. In phone interviews and emails to ProPublica, associate professor Jackie Rees Ulmer said she was disconcerted when, a few days before the report’s unveiling, she received a draft of the news release that contained the $1 trillion figure. “I expressed my concern with the number as we did not generate it,” Rees Ulmer said in an email. She added that although she couldn’t recall the particulars of the phone conversation in which she made her concerns known, “It is almost certainly the case that I would have told them the number was unsupportable.”

...The news stories got the worried attention of some of the report’s contributors because McAfee was connecting their names to an estimate they had no previous knowledge of and were skeptical about. One of the contributors, Augusto Paes de Barros, a Brazilian security consultant, blogged a week after the news release that although he was glad to have been involved in the report, “I could not find any data in that report that could lead into that number.... I’d like to see how they found this number.”

I don't know about you, but when a super well respected security researcher tells you that the basis of a particular claim is based on a number whose "intellectual quality ... is below abysmal," that's the point at which you should probably stop using the number. But, instead, politicians and the press continue to parrot the line over and over again.

The slightly smaller number, from Symantec, is still equally questionable. They go with $250 billion... but the number has almost no support. It does come from a real Symantec report, but not from Symatec employees. Instead, they hired another firm to magically come up with the number, and it sounds like magic would have been equally as effective as what was eventually done. It raised concerns from actual experts in the field:

“Far from being broadly-based estimates of losses across the population, the cyber-crime estimates that we have appear to be largely the answers of a handful of people extrapolated to the whole population.”

Furthermore, even if we take these numbers at face value, the original reports on both of them say these numbers represent the value of the attacks in question, and not what was actually "lost" or how much it cost to deal with. However, when a politician quotes them, they almost always do so by at least suggesting that these made up "values" are very real "losses" to companies. In other words, the numbers (shocker, shocker) are being twisted by cybersecurity law supporters. For example, just recently, Senator Collins said that General Alexander "believes American companies have lost about $250 billion a year," but that's not true. Already, we know the number is suspect -- but even if we accepted the number, it only represents the "value" that various companies have put on things harmed by security issues, not any sense of actual losses. Claiming that these are losses isn't just misleading, it's wrong.

We've argued for years that actual data should inform the debate on these things -- but that data needs to be accurate and supportable. Unfortunately, with cybersecurity threats, the claims that are being thrown around have no basis in reality. If politicians really want to discuss the "threat" of cybersecurity, the least they can do is get some accurate research on the scope of the problem. Trusting a number from a McAfee press release is not credible and it's certainly no basis for passing a law that wipes out privacy rights of the public.

from the more-bs-from-the-bsa dept

If my time at Techdirt has taught me anything, it's that anti-piracy groups will pull more numbers out of their collective behinds than The Count from Sesame Street. It's a strange tactic, if only because once they are caught cow-pooping their own figures it seems to indicate that the problem is not nearly what they're claiming and therefore their response and policy recommendations no longer worth considering. Unfortunately, many members of the esteemed 4th Branch are inclined to simply parrot these fudged stats and report them as news.

Let's start with the BSA claims, shall we? Did you realize that 30% of people in wealthy nations and 45% of people in less-wealthy nations "have a liklihood of sharing log-in credentials for paid [cloud] services?" That's the conclusion drawn by the BSA's latest study. And if that seems like a lofty number to you, it may be because it's utter bullshit.

The Economist begins by correcting the BSA's pretend numbers:

"The percentages come from a question in which people were asked if they had ever shared their log-in details for paid services. Some 15% of people in rich countries and 34% in poor countries said they had for personal use. For business use, it was 30% and 45% respectively...Moreover the respondents were only those who had paid for cloud services, which was a fraction of users. Cloud services are generally based on a “freemium” model, whereby basic use costs nothing and a premium version is paid for. According to the BSA's own data, only half of computer users tap cloud services, of which only one-third use it for business, of which two-thirds pay. Of the small subset that remain, the minority share log-ins. This changes things considerably. If the BSA figures were adjusted for all this, the potential piracy figures could be as low as between 2% and 6% of users—as much as 20 times less than the group claims. (The BSA's data is online here.)"

In other words, through the magic of pretending like only a small subset of data is the entire data, the BSA has magically turned the number two into the number thirty. This would be laudable if those numbers were fish, the readers were hungry, and the BSA was trying to claim it had perfected what I lovingly refer to as "Jesus' Fish Fry Miracle", but they aren't, dear readers. No, they're going to policy makers with this nonsense.

And that isn't even the end of the story. The piece also points out that the BSA's survey failed to ask what might just be an important question: does sharing log-in credentials with a friend violate that service's TOS? If it doesn't, that isn't piracy. But the BSA doesn't bother to ask that question because they don't care, they're just looking for numbers that support their conclusions, here.

The article then points out a couple of other ommissions on the BSA's part:

"There are other anomalies. The BSA only considered PC use, when many people use cloud services over tablets and mobile phones, especially in poor places. And the survey, of 14,702 people in 33 countries, presumes to speak with confidence about the “developing” world but not a single African country is represented—an odd omission, since it is a fast growing market."

In short, these BSA claims are a "study" in the same way that snake-handling is a "religion": it isn't.

from the because-they're-not-losses dept

We've talked about exaggerations in "losses" due to infringement for many years. However, we've also discussed how claims of "losses" due to so-called "cybercrime" are also massively inflated. It appears that others are figuring this out as well. The NY Times has an op-ed piece from two researchers, Dinei Florencio and Cormac Herley, highlighting how all the claims of massive damages from "cybercrime" appear to be exaggerated -- often by quite a bit:

One recent estimate placed annual direct consumer losses at $114 billion worldwide. It turns out, however, that such widely circulated cybercrime estimates are generated using absurdly bad statistical methods, making them wholly unreliable.

Most cybercrime estimates are based on surveys of consumers and companies. They borrow credibility from election polls, which we have learned to trust. However, when extrapolating from a surveyed group to the overall population, there is an enormous difference between preference questions (which are used in election polls) and numerical questions (as in cybercrime surveys).

For one thing, in numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors — or outright lies — cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population.

This is pretty common. In the first link above, we wrote about how a single $7,500 "loss" was extrapolated into $1.5 billion in losses. The simple fact is that, while such things can make some people lose some money, the size of the problem has been massively exaggerated. As these researchers note, this kind of thing happens all the time. They point to an FTC report, where two respondents alone provided answers that effectively would have added $37 billion in total "losses" to the estimate.

This doesn't mean that the problems should be ignored, just that we should have some facts and real evidence, rather than ridiculous estimates. If the problem isn't that big, the response should be proportional to that. Unfortunately, that rarely happens. In fact, combining this with the recent ridiculous stories about the need for "cybersecurity," perhaps we can start to estimate just how much of an exaggeration in FUD the prefix "cyber-" adds to things. I'm guessing it's at least an order of magnitude. Combine bad statistical methodology with the scary new interweb thing, and you've got the makings of an all-out moral panic.

from the sigh dept

We recently noted that the MPAA was passing around a silly infographic chock full of bogus stats, and pointed out that someone had noticed that if you took the MPAA's "losses" claim seriously, it would mean that downloaders were buying 200 more DVDs per year. The MPAA folks were apparently not happy that people called them on their misleading stats, and have come out with a statement, which it claims is about "correcting the record."

If only that were true. Instead, we get more misleading bunk from the Masters of Propaganda.

First off, the MPAA admits that perhaps (just perhaps) their original graphic may have been a little misleading, and have put out a new version that moves away from implying that they were losing $58 billion, and now merely suggests that it's the US economy that loses this much money from the combined infringement on movies, music, packaged software and video games. This is complete and utter bunk -- and the MPAA folks either know this and are lying... or they're idiots. Take your pick.

The $58 billion claim comes from a study from The Institute for Policy Innovation that has been debunked so many times over, the fact that the MPAA would even bring it up is a laugh. And it's based on a very questionable analysis of the broadly defined "copyright industry." Of course, as we've noted in the past, the definition of "the copyright industry" for such studies includes all sorts of goods and services that do not rely on copyright at all, but are force-lumped into this study. So, if we're talking about actual products that rely on copyright, you probably have to ratchet down the scale by an order of magnitude. And that's just to start. From there, you have to realize that IPI's numbers use completely bogus math.

Tim Lee did an excellent job explaining the economic and mathematical fallacies of their methodology years ago (for which IPI kindly tried to get him fired from his job). The key issue is how the IPI counts "losses."

In IPI-land, when a movie studio makes $10 selling a DVD to a Canadian, and then gives $7 to the company that manufactured the DVD and $2 to the guy who shipped it to Canada, society has benefitted by $10+$7+$2=$19. Yet some simple math shows that this is nonsense: the studio is $1 richer, the trucker is $2, and the manufacturer is $7. Shockingly enough, that adds up to $10. What each participant cares about is his profits, not his revenues.

Furthermore, in IPI and MPAA fantasy-land, dollars not spent on movies simply disappear from the economy. And yet, anyone can tell you that's simply not true. That money continues to be spent elsewhere, and plenty of studies have shown that, despite growing infringement online, the amount of money that individuals spend on entertainment continues to rise.

So why would the MPAA rely on this number, which is so obviously false? Because it doesn't care about the truth or accuracy or "correcting the record." The MPAA's job is to get Congress to pass laws that divert money from what the market wants to its legacy studios who are slow to adapt. So it will use any number it can get its hands on, no matter how ridiculous. It's just that this time it got called on it, so it had to scramble to try to make the number look even a little bit legit...

from the mythical-losses dept

I'm always a bit wary of news reports about "studies" claiming huge dollar value "losses" due to infringement, as when you look at the details, the methodology is almost always suspect. Of course, this generally applies to industry-driven studies. So, I was a bit more interested to find out the details of a newly released study from the US International Trade Commission, done at the behest of the Senate, to determine the "cost" of intellectual property infringement in China. I was surprised that Reuters, of all publications, would have such a vague description of the report, and not discuss the methodology at all. After all, Reuters employs Felix Salmon, who is one a very small number of folks who has spent quite some time debunking the methodology of similar studies.

In this case, the ITC is claiming losses of a rather astounding $48 billion. Having seen similar studies over the years, both good and bad, my first reaction was that this didn't pass the laugh test (at all) and sounded like the typical exaggerations from industry. So, I looked at the actual ITC report (pdf and embedded below) and it turns out it's even worse than I expected. Rather than taking any sort of actual objective study, the ITC simply asked 5,000 companies for what they thought their "losses" to Chinese infringement were. Not only that, but the ITC tried to choose the firms who were most likely impacted by this -- which means those who have the highest incentives to lie or exaggerate, because they want to have greater protectionism against Chinese competition.

Seriously, this methodology is just dopey. It's like asking horse and buggy makers how much in "losses" they would suffer if the automobile market were allowed to move forward -- and then basing regulatory policy on what they had to say. What's most frustrating about this is that folks at the ITC know this. Just last year, it held hearings on this topic for this very report in which it was told, repeatedly, by experts that such methodologies were woefully inaccurate. Given that, it's somewhat incomprehensible that the ITC would still use such an obviously wrong and biased methodology to support its claims.

It's both disappointing and troubling that the ITC would use such a methodology (and that the press would parrot the numbers back as fact, without bothering to look at or even mention the methodology). The real problem is that this clearly bogus study will now likely have a tremendous impact on US policy towards China.

from the moving-on dept

We've pointed to a couple of laughable new reports that were released by copyright industry interests in the past couple months, pushing claims of ridiculously high "losses" due to copyright infringement. The reports have been debunked, but part of the concern was that mainstream press, such as The Australian, were spreading these reports as fact. Thankfully, not everyone in the press falls for such questionable studies. The Sydney Morning Herald recently published a rather comprehensive look at all of these reports and studies, entitled: Piracy: are we being conned? It does a really nice job pushing back on all this industry-backed research, to point out that the story is more complex and nuanced that those fear-mongering claims make it out to be:

The Australian Institute of Criminology for one has been reluctant to take the industry at its word when it comes to piracy losses.

"Although these estimates provide a general indication of the scale of the problem, the validity of the data is open to some debate," the AIC wrote in its latest report on intellectual property crime in Australia.

The AIC has previously debunked claims that piracy was linked to organised crime and in a draft report leaked in 2006 said industry-provided piracy statistics were "self-serving hyperbole".

"The AIC's frustration was largely based on the fact that none of these groups will expose their reports to genuine peer review or analysis," said Kimberlee Weatherall, a senior law lecturer at the University of Queensland, who specialises in copyright law and is highly critical of the industry's piracy reports.

"When the US Government Accountability Office (GAO) looked into it at the request of US Congress, it expressed doubt about most of the industry-produced figures."

Piracy figures derived by the entertainment industry have also been heavily criticised in the US and Europe. In some instances, the industry has admitted to grossly inflating its numbers.

The article includes a lot more debunking of industry FUD. Nice to see that the press is finally realizing that claims that come from an industry looking for government protectionist laws to be adjusted in their favor can't necessarily be trusted.

from the doubtful dept

The entertainment industry is famous for its bogus stats, claiming massive losses from things like file sharing. However, when those reports are looked at by any credible source, it's not hard to realize they're totally bogus. This also comes up in various lawsuits. For example, a Russian torrent tracker was shut down, and the operators of the site are now being accused of causing $1.25 billion (with a b) in losses for the movie industry. This is substantiated by... well... absolutely nothing other than movie studios insisting that it's true. I'm curious as to why they do this, because when they put forth such unbelievable numbers, it seems like they're only hurting themselves. No one believes that such numbers are even close to true and it just makes it that much more difficult to take them seriously. Then again, maybe they're just using some Hollywood accounting to figure out those losses...

from the say-what-now? dept

Reader Matt Perryman points us to a bizarre story down in New Zealand, which he claims is all over the news. Apparently, a local movie, called Boy, has been a huge success -- having the third most successful box office of a New Zealand film ever. Not bad, right? But, months after the film has been out in the theaters, it's now been leaked to the internet, and suddenly the media frenzy is about just how much this is "costing" the filmmakers. No evidence (at all), is presented. They just claim that a leak like this will cost a million dollars. Even more amusing, at the time these reports came out, they said that the movie had only been downloaded 200 times. But, if you look at the comments on that article, a ton of them are thanking the publications for letting everyone know the movie was available for download. Of course, many of the commenters are also pointing out that they don't live in New Zealand, and there was no way for them to see the movie otherwise... meaning that those downloads aren't losses at all. But, it seems the reporters never bothered to mention that rather important fact.